Recent Comments

Our goal of the blog is to create a space where healthcare IT or business leads can come find the latest or best practical tips in managing project and implementation or participate in a discussion about healthcare IT. The topics will range from healthcare IT technology to analytics and project management to healthcare leadership.

Look for information, insights, and some humor in our posts on the Healthcare and Information Technology industries.

I have encountered many businesses where the relationship between IT and the business are at best cordial, but more often somewhere between cold and hostile. If you talk with both sides you will find good reasons why the other side is wrong. Most of those faults on both sides can quickly be dealt with if there is a clear understanding of the goals are and how long it will take both sides to accomplish them.
When defining problems and identifying solutions a mediator, who understands both sides can greatly contribute to the “solutioning”, which is a key element to successful meetings and outcomes. Ideally a business and IT savvy project manager will be in place to be that catalyst to becoming positively solution focused. If that is not the case find those qualities in someone and get them added to your project team.
If IT simply accepts the requirements and offers no guidance or discussion of how to make it the best solution from the business the solution it may not perform well in the end and the finger pointing will begin again.
If the business is not open to ideas and discussion from the technology professionals the same end result will occur.
Since it is very difficult to see the other side’s point of view when your experience and expertise lies only on one side, bring in that skilled mediator and solutioner to help your team create solutions that will successfully meet your business needs while helping the IT and business units operate efficiently.

I was recently asked what could be done from a leadership perspective to help the organization protect against patient identity theft. The simple answer is to endorse and promote the organization’s security program. What I find all too often is that many healthcare organizations don’t really have a robust security program.

I continue to be amazed at how many organizations do not to have a HIPAA/HITECH mandated security program in place or it is woefully inadequate and only because it’s required. What many organizations don’t appreciate is that this is a simple and relatively inexpensive tool that can help improve overall security across the organization as well as protect patient identities. Believe it or not the HIPAA security rule is a good foundation on which to base your enterprise security policy. It is required anyway, backed by NIST standards and surprise; it will actually improve your overall security.

The key component of a good security program is a risk management plan. This Plan identifies vulnerabilities, threats, and develops the mitigation strategies. A good risk assessment will reveal that the most likely scenario for an identity theft would be a member of the healthcare staff that has access to PHI. The mitigation would be an aggressive workforce clearance (think background checks) policy which is by the way an addressable HIPAA Security requirement.

The second key component, that I consider equally important, is a good security awareness training program. One truth that any leader should realize is that even though your people are great and no one would wittingly compromise patient data, the fact is, they are the single most likely and vulnerable target that the hacker has.

The most exploited threat vectors of today such as APT (advanced persistent threat) start with a targeted phishing (aka spear phishing) attack geared at getting an employee to click on a link to a malware infested webpage. A good security awareness and training program is a cheap and effective way to ensure your people are adequately trained and mindful of situations that could result in an identity theft or larger information breach.

Keep in mind that it would be EXTREMELY difficult to prove that an identity theft occurred because of a breach at the healthcare facility. That is until the thief is caught, and it turns out to be an employee of your healthcare facility. They used your systems to access that info, you are liable, so,,, what’s the plan? Are you ready to follow the breach notification provisions of HiTech and the Ombudsman Final ? If yes then consider yourselves ahead of the curve. If not, why not?

So maybe your organization doesn’t have the resources, the time or upper management support but you realize this is important. This is where outside expertise can help build the business case, get the backing and provide the resources to implement the program.

One of the most important things you do when you get a project going is designing the project plan. There are many key elements and several different methodologies to laying out your project plan, regardless the methodology, there is always a Go-Live Date. The date when you have to turn on the system, staff the department, and/or launch the rocket. Without a Go-Live Date you don’t have a project, you have an ongoing operational money pit.

There are also many different variables to be considered when determining a Go-Live Date (regulatory, software sunset, etc.), but I wanted to share with you some reasons that we have heard that should not be considered to set your date
While some of these may sound like good ideas, these are not reasons WHY to set a date:
• Setting the date just so bonuses can be made at year end
• Setting the date based on the date of a similar software implementation that went live five years ago.
• Setting the date based on birthdays and anniversaries of friends, family members, or pets – BAD IDEA.

I would love to hear some of the crazy stories you all have about setting Go-Live dates. Hopefully this will provide a bit a humor, but also help all of us be on the lookout for project plan timelines based on your hamster’s birthday 😉

Please stay tuned to Go Live Date Part 2 – Top 3 things to consider when you are setting an effective go-live date.

Here are some thoughts from the road last week:
1. When managing a client project it is important to provide clear, proactive communication of expectations and delivery dates. This is especially important when the client must make decision regarding a deliverable by a set date. They sometimes don’t make the connection that their delay in the decision can push back the project completion.

2. While it might seem like common sense, when determining the effort required for a project ensure both sides are thinking along the same lines. Most companies think in terms of 40 hour weeks (minus holidays) and many consultants don’t necessarily operate under the same restrictions. Make sure your budget is based on matching assumptions.

3. Some people it is just their personalities they are open to meeting new people, learning about new products, experiencing new situations. It can be really hard for folks that are not comfortable doing this but honestly, you will not regret it. Push your self beyond your boundaries, be friendly, kind and open to others and you will experience many daily miracles.

1. In spite of the fact that we have all this incredible technology around us all the time to communicate effectively – texts, voice memos, videos, and facetime, we often fail to manage the usage of these tools appropriately. If we think of them as actually tools, like we used to think of pen and pad, as opposed to toys we can get more effectiveness from them.

2. There will always be resistance to change in any organization. The key to success: Good proactive communications. You must get understanding and buy in before you can implement change.

3. It is very important to set expectations and then boldly over deliver to a client.

4. It saves a ton of time and mind clutter if your desk and computer files are organized so you can get to the information efficiently and effectively. It is hard to clean up your desk at the end of each day but it is well worth it to start the morning with a clean slate and a clear set of objectives determined the night before.

It’s nothing new that there is a migration to the “Cloud” for IT shops across a broad spectrum of industries. Healthcare is no exception. So should you go ahead and jump in because the CMIO, the CFO and other tech wannabees are pushing for it?

Let’s face it, most of us IT types are loathe to let someone else take care of our servers. Even if we have a strong investment in VMware, letting the data center go to the public Cloud is kinda like, your daughter moving out for the first time (and yes they usually come back).

Before you let the CFO kill your capital budget, or even if you are a champion of that approach yourself let me give you a little food for thought.

Let’s talk about what a Cloud really is. A very practical definition is “on demand computing capacity”. That is to say, flexible application server processing and disk space capacity when you need it. There are the following types:
• Public cloud: where the assets are available from anywhere that is internet connected.
• Private cloud:where the infrastructure is owned and controlled by the company and is not easily accessible to the rest of the world.
• Virtual Private: Then there is, in my humble opinion, the only option to consider when thinking about moving to the “Cloud” and that is the virtual private cloud. This exists on any hosting company’s infrastructure and is only accessible through virtual private network (VPN) connections and your security infrastructure. This keeps all network traffic nicely encrypted and under your access controls.

So you have to ask yourself, do we want to pay for the secure access portal from Amazon as well? Of course they can provide it and it’s totally feasible. The point is that instead of jumping totally into the Cloud pool, take a more measured approach and consider a hybrid solution. Those of you in the cloud already are most likely using the mixed approach and have realized that migrating some of your legacy applications isn’t so easy. Plus you likely already have a large investment in access control systems, firewalls, etc. do you just toss that? Don’t forget you will have to migrate all that as well if you go all in.

Yes the server/disk space is cheap and you don’t have to maintain it. Yes, a lot of EHR’s and other healthcare related systems are SaaS based apps. Yes, there is no doubt there tons of advantages. But there are also a few things you need to consider before rushing off down that path:

• Connectivity – how comfortable are you with the reliability of your network and the Internet connection. Do you have a dual homed auto fail over backup in place? If not then all the reliability advantage of Amazon’s redundant infrastructure are less meaningful.
• Response times – nothing makes a physician more irate than wasting time waiting on a system to respond. Before you sign up for your EHR’s SaaS offering, do some research on response times, reliability and failover resources.
• Customer service – are you confident that the vendor will provide app support and troubleshooting as good as or better than your own? What about Amazon, do you know what their customer response policy is?

Please share with us what your organization decided or is thinking about when it comes to the cloud?

These are the 4 things that our team members have learned, thought about or experienced last week!

1. Make sure to empower the client in engagements by continually asking for their feedback.

2. Buyer Beware. Make sure your vendor contract has sufficient detail on what will or won’t be included as well as when. This should be no surprise but software vendors often over promise and under deliver. We in the biz use the term “vaporware” to describe software or modules that sales promise to clients but the functionality is either not there or under developed.

3. Please accept or decline when you get an inmail or introduction from Linkedin within 24 hours. When you do respond it is polite and you will gain instant street cred. If you do not have time to network just say so or “I cannot right now here is my information contact me at this time.” The no response is more than just poor etiquette it is just bad business.

4. Be careful when having lunch with clinical folks. You need a well controlled stomach and gag reflex.

Have you ever tried to map data between two or more systems? It is difficult because the values and descriptions often differ. So what do you do? Many people have found success by using a spreadsheet with the integration/interface points listed from each product that is sharing data. But there are a few things you should know before you list a value of the same name into the corresponding fields in your spreadsheet to ensure you are building a successful interface or integration. This post will tell you what you need to know to make sure you are setting up the data transfers appropriately so you can reduce your testing phase.

If you are looking for a solid data map, the best method to ensure you end up with quality data for the end-user at the receiving end of the integration or interface is to do these things:

Involve the business and super users when mapping the data. Do not make decisions about the data strictly from an IT perspective. Ultimately, the end-user is the customer and IT needs to work for them to meet their needs. (It can be a long, slow process but putting in the time to plan is well worth it in the end)

Have all the vendors provide the most current data structures for their APIs that your version of the product represents.

Identify code catalogs that affect the interfaces/integrations and where they exist in the target application for the end user to view.

Codes and Descriptions are two different things. Help the business and super users understand the difference and what they need to define is usually the definitions in the new system to codes coming from a legacy system.

If the vendor is providing a base set of codes, review these with both IT and business teams to decide what values can be “inactivated” and what can be left to fit the map.

Identify what code catalogs cannot be changed but need to have an external translation map.

Products that have both inbound and outbound data feeds must have data tracked from upstream to downstream in the process to identify the code catalog data that must pass through the new system and still produce the proper information to the downstream systems.

While it is not necessary, I have found it extremely helpful to document the codes and descriptions in a shared space with only one or two people allowed to actually change values in the documentation. While many people will make decisions and want changes to the code catalogs of a new product being implemented, if more than a small responsible group are allowed to make changes there will be many issues to recover from on both the IT and business. Once a sample set of data is produced from these mappings, it should be easy to validate the data against the documented code catalog values.

So, by including the business and super user teams in the data mapping process and using the vendor provided API doc with the field information on the release you will be implementing or currently have from legacy systems, you can confidently map data between systems and reduce rework of code catalogs, interface/integration coding and work arounds.

We would love to get your feedback and find out any data mapping tips you can provide to our followers. What has worked well for you?

We are going to have a weekly post of at least one thing our team members have learned, thought about or experienced each week from the road.

1. Having a process that no one else knows about or chooses to follow is really no better than not having a process at all.
2. Vendors many times assume that the client understands all of their jargon and technical terminology, thus causing huge gaps in communication. I have been able to add some value for the client simply by being the ‘translator’ and making sure they understand the message.

3. There is a delicate balance with communication between the project team and client. It takes a deep understanding of the client to know what is enough information to share in a project to satisfy the client of the progress being made so they feel confident and reassured about the project.

4. Regardless if it is in a meeting, email or presentation – you must always have a message if you want to influence and inspire. Ask yourself before the call – What’s my point? Be able to state that message in a single clear sentence.

Why do you (should you be healthcare clinics, plans, acos need IT consultants? Just because your three year old can play a game on your phone or tablet that you did not even know was there does not mean they know how the actual game works. Information Technology isn’t rocket science, but is does required trained and skilled professional to implement it correctly.

Today’s technology is much more user friendly and accessible for end users and our youth are exposed to it in every aspect of their daily lives and therefore are better equipped as users than most of us in older generations, but they still are not infrastructure experts.

Here are 5 main reasons you should use IT consultants?

Utilize external experts when you need them. When you make the right choice in consultants, the out-of-pocket costs are greatly outweighed by the business value you receive.

To identify and find out of the box solutions.

To act as a catalyst for change. Change is hard. Process change and new systems can be daunting but IT consultants have experience with multiple sites implementing the same system that you are installing.

To be an objective onlooker

To supplement a company’s internal staff

Why have you hired an IT consultant for your project? Please feel free to share your thoughts and experiences with your consultant.